Veeam Recovery Orchestrator Flaw Enables Forge of Valid JWT Tokens

Threat Level – Red | Vulnerability Report
Download PDF


A critical authentication bypass vulnerability in Veeam Recovery Orchestrator, tracked as CVE-2024-29855, has been disclosed. This vulnerability poses a serious security risk by allowing unauthorized attackers to access the Veeam Recovery Orchestrator web interface (UI) with administrative privileges. Furthermore, a proof-of-concept (PoC) exploit is now available, heightening the urgency for organizations to apply mitigations promptly.

Threat Level – Red | Vulnerability Report

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox